package org.jasig.cas.authentication.handler.support;

import javax.annotation.Resource;

import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;

import com.cqan.dao.UserDao;
import com.cqan.entity.UserBasicDetails;

/**
 * Simple  implementation of a AuthenticationHandler that returns true if
 * the username and password match. This class should never be enabled in a
 * production environment and is only designed to facilitate unit testing and
 * load testing.
 * 
 * @author Scott Battaglia
 * @version $Revision$ $Date$
 * @since 3.0
 */
public final class IbatisUsernamePasswordAuthenticationHandler extends
    AbstractUsernamePasswordAuthenticationHandler {
	
	@Resource(name="userDao")
	private UserDao userDao;

    public IbatisUsernamePasswordAuthenticationHandler() {
        log
            .warn(this.getClass().getName()
                + " is only to be used in a testing environment.  NEVER enable this in a production environment.");
    }

    public boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials) {
        final String username = credentials.getUsername();
        final String password = credentials.getPassword();
        UserBasicDetails user = userDao.getUserDetailsByUsername(username);
        Md5PasswordEncoder md5 = new Md5PasswordEncoder();  
        if (user!=null&&user.getPassword().equals(md5.encodePassword(getPasswordEncoder().encode(password), username))) {
            log.debug("User [" + username + "] was successfully authenticated.");
            return true;
        }

        log.debug("User [" + username + "] failed authentication");

        return false;
    }
}
